The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure its IT infrastructure following a February 2024 ransomware attack that disrupted numerous municipal services. Of that amount, $30 million is allocated for 2025, funded through a mix of reserves, debt financing, and tax levies.
The ransomware attack disabled critical services, including transit, tax systems, payroll, and building applications. While most services have since been restored, city officials are now focused on strengthening systems to prevent future incidents. The recovery plan includes hiring 48 full-time positions, such as data analysts, project managers, and AI specialists, to support IT improvements.
City Council reviewed a report outlining 21 priority projects for 2025, with funding targeted at upgrading systems for asset management, fire dispatch, and financial management. However, appendices detailing specific project costs remain confidential, prompting concerns over transparency. Councillor Brad Clark has called for more public disclosure, saying, “The costs are exorbitant … if we are spending the kind of money proposed here, and you don’t see exactly where it is being spent, then we are not being transparent.”
Officials have declined to disclose key details of the ransomware attack, including the ransom amount demanded and the vulnerabilities exploited. Auditor General Charles Brown noted that sharing information about past and present weaknesses could expose the city to further attacks. A follow-up cybersecurity audit, supported by Valencia Risk consultants, will review the city’s response and examine the effectiveness of existing defenses.
While residents demand more clarity, city leaders emphasize the need for caution to avoid aiding future attackers. The planned recovery and audit aim to “build back better and stronger” to protect Hamilton’s IT systems against evolving cyber threats.